From: Chong Yidong
Newsgroups: gmane.emacs.devel
Subject: Re: Fix needed for communication with gpg-agent
Date: Fri, 23 Feb 2007 18:03:59 -0500
Message-ID: <87hctccw80.fsf@stupidchicken.com>
References: <87irdzs6pp.fsf@stupidchicken.com> <87fy91g1pl.fsf@catnip.gol.com> <87wt2dk2rv.fsf@stupidchicken.com> <873b4yt7xx.fsf@stupidchicken.com> <87ps82ukz8.fsf@wheatstone.g10code.de> <87slcynii0.fsf@stupidchicken.com> <87ps81tfuy.fsf@wheatstone.g10code.de> <874ppc7si8.fsf@stupidchicken.com> <87slcwrfbh.fsf@wheatstone.g10code.de>
To: rms@gnu.org
Cc: wilde@sha-bang.de, Werner Koch, miles@gnu.org, ueno@unixuser.org, emacs-devel@gnu.org
In-Reply-To: (Richard Stallman's message of "Fri, 23 Feb 2007 17:09:35 -0500")
User-Agent: Gnus/5.11 (Gnus v5.11) Emacs/22.0.94 (gnu/linux)
Xref: news.gmane.org gmane.emacs.devel:66713

Richard Stallman writes:

> This and for non-X one could suggest to use screen and start gpg-agent
> using the option
>
>     --keep-tty
>
> Ignore requests to change the current @code{tty} respective the X
> window system's @code{DISPLAY} variable.  This is useful to lock the
> pinentry to pop up at the @code{tty} or display you started the agent.
>
> on a different tty than Emacs.  I know that at least one hacker is
> using it this way.
>
> That is not an acceptable solution because it calls on the user to
> do something very unusual merely in order to be able to use gpg.
This unusual approach is only needed if the user wants to use gpg-agent
on the console.  As I've pointed out, the way PGG communicates with gpg
is quite secure, since it is done using a pty instead of a tempfile.
The two drawbacks to entering the passphrase through PGG are that (a)
Emacs is more complicated than pinentry, so it may be more probable that
Emacs contains an exploitable bug than pinentry, and (b) your cached
passphrase might be recoverable by someone else who uses your console
when you step away.

Note that in case (b), you're screwed anyway: once a malicious attacker
has access to your console, he can install nastier attacks (keyboard
sniffers, etc.), so Emacs/PGG may be the least of your worries.

So we're left with reason (a).  I think it is sufficient to recommend
using gpg-agent under X; if the user does not want to use X, we can say
to either (i) use PGG's Elisp passphrase caching, and explain how it's
not necessarily the best thing to do because Emacs code may harbor bugs
(though we're not currently aware of any), or (ii) use the above unusual
setup if he wants to use gpg-agent.
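Editor's added illustration of point (b) above, the in-Emacs passphrase cache and what "someone else who uses your console" can do with it.  This is example code written for this page, not PGG's implementation; the `my-pp-*` names are hypothetical, the key id in the comments is constructed, and the 16-second expiry is chosen to mirror PGG's default `pgg-passphrase-cache-expiry`.  It keeps the passphrase in plain Emacs memory, wipes it on expiry with `clear-string`, and adds a command (hooked to `suspend-hook`) for clearing it before leaving the tty:

```elisp
;; Example only: a minimal Elisp passphrase cache of the kind PGG offers,
;; written to show where the secret lives and how to get rid of it.
;; Hypothetical names (my-pp-*); not PGG's own code.

(defvar my-pp-cache nil
  "List of (KEY-ID PASSPHRASE TIMER) entries, kept in plain Emacs memory.
Anyone who can evaluate Lisp in this Emacs can read it: M-: my-pp-cache")

(defvar my-pp-cache-expiry 16
  "Seconds a passphrase stays cached (16 mirrors PGG's default).")

(defun my-pp-cache-remove (key-id)
  "Wipe and forget the passphrase cached for KEY-ID, if any."
  (let ((entry (assoc key-id my-pp-cache)))
    (when entry
      (cancel-timer (nth 2 entry))
      ;; Overwrite the bytes in place.  Merely dropping the reference would
      ;; leave the secret readable in the heap until the GC reuses it.
      (clear-string (nth 1 entry))
      (setq my-pp-cache (delq entry my-pp-cache)))))

(defun my-pp-cache-add (key-id passphrase)
  "Cache PASSPHRASE for KEY-ID and arrange for it to be wiped later.
Stores a private copy; the caller still owns (and should clear) PASSPHRASE."
  (my-pp-cache-remove key-id)
  (let ((timer (run-at-time my-pp-cache-expiry nil
                            #'my-pp-cache-remove key-id)))
    (push (list key-id (copy-sequence passphrase) timer) my-pp-cache))
  nil)

(defun my-pp-cache-get (key-id)
  "Return the cached passphrase for KEY-ID, or nil if none or expired."
  (nth 1 (assoc key-id my-pp-cache)))

(defun my-pp-cache-clear ()
  "Wipe every cached passphrase; run this before stepping away."
  (interactive)
  (dolist (entry my-pp-cache)
    (cancel-timer (nth 2 entry))
    (clear-string (nth 1 entry)))
  (setq my-pp-cache nil))

;; C-z (suspend-emacs) hands the console back to the shell; clear first.
(add-hook 'suspend-hook #'my-pp-cache-clear)

;; Walk-through with a constructed key id (not a real key):
;;   (my-pp-cache-add "0xDEADBEEF" "correct horse")
;;   (my-pp-cache-get "0xDEADBEEF")   ; "correct horse" while the entry lives
;;   M-: my-pp-cache                  ; same secret, no API needed
;;   (my-pp-cache-clear)
;;   (my-pp-cache-get "0xDEADBEEF")   ; nil
```

The wipe covers only this cache: copies of the passphrase that reached the minibuffer history, the kill ring or *Messages* are not touched, and a keyboard sniffer installed by someone with console access captures the next entry regardless, which is the point the message makes about case (b).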